Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    Parts 1 and 2 happened in succession in November two years ago: the open redirection services of Google and AOL were used by spammers to trick unknowing email recipients into clicking links which led them to different websites. This sequel’s celebrity is Yahoo!:


    Figures 1 & 2. Sample spam.

    The above sample spammed messages contain links with the string search.yahoo.com, which may convince users to think the site is legitimate or trusted. They are led to sites (an example is shown below) which, true enough, sell replica watches and other cheap products.


    Figure 3. This website offers cheap replica watches.

    These sites have been created just this month, and they share a single IP address. Similar to the old Google and AOL incidents, spammers took advantage of open redirection functionalities, which is used by search engines to redirect users to target websites automatically. Users need to just enter a URL or string that is predictably related, even if not exactly, to the site they are looking for and they are immediately led to it without having to see a results page.

    The links given in the email messages in this attack look like Yahoo! itself yielded the results, but spammers were able to fiddle through search results and obfuscate the URLs to add credibility to the sites they are advertising.

    Given the two-year time difference between the earlier two spamming operations and this current one, it seems clear that this technique still works for spammers. Other than adding site credibility, spammed messages are also able to evade filters because the links inside them appear legitimate. This kind of search engine exploitation is considered to be blackhat SEO (Search Engine Optimization) practice.

    The timing of this run may also be related to the upcoming Valentine’s Day as more users are expected to purchase presents online. The malware family WALEDAC was first to take advantage of this said event, sending fake ecards that led to malware.

    The Trend Micro Smart Protection Network already blocks these spammed messages.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice